An application running on a client device on a business' intranet may be configured to obtain content from different sources. For example, the application may obtain content from a service provider that provides social media content, such as Twitter®, Facebook®, and Google+™. The business may also implement a local application server on the business' intranet, such as SAP Jam, which is available from SAP AG.
Conventionally, content is obtained from the service provider through RESTful services using a communication protocol. REST (Representational State Transfer) is an architectural style for designing networked applications that relies on a stateless, client-server, cacheable communications protocol, such as HTTP. However, because the service provider is likely to reside outside the business' intranet, it is important to establish a secure and trusted connection to the service provider when requesting content via its REST application programming interface (API). Technologies for establishing these secured and trusted connections include HTTP over SSL (HTTPS), OAuth 2.0, and the Security Assertion Markup Language (SAML). These technologies implement the exchange and signing of security certificates to authenticate a requester of content or an available service. However, configuring a single client to support these technologies takes a non-trivial amount of time and effort and, in a business environment, hundreds or thousands of such clients must be configured accordingly.
In addition, many client devices implement security policies that make it difficult to obtain content from different external providers in a cohesive manner. One example policy typically implemented on the client side is the Same-Origin Policy (SOP), which does not allow a web application containing client-side scripting (e.g., JavaScript) to display content coming from different service providers. In other words, SOP permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin (e.g., the same domain).
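The origin comparison behind SOP, as an added example that is not part of the original text: browsers treat an origin as the scheme, host and port together, which refines the "same domain" illustration above. All hostnames and paths are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: how an origin is compared under the Same-Origin Policy.
// Hostnames and paths are constructed placeholders, not real services.

// An origin is the (scheme, host, port) tuple. The URL parser drops a
// default port, so it is restored here to compare like with like.
function originTuple(url) {
  const u = new URL(url);
  const defaultPorts = { "http:": "80", "https:": "443" };
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || defaultPorts[u.protocol] || "",
  };
}

// Returns the tuple components that differ; an empty list means same origin.
function originMismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return ["scheme", "host", "port"].filter((k) => x[k] !== y[k]);
}

// Classifies each content source relative to the page that wants to read it.
function classifySources(pageUrl, sourceUrls) {
  return sourceUrls.map((src) => {
    const differs = originMismatch(pageUrl, src);
    return { src, sameOrigin: differs.length === 0, differs };
  });
}

// Constructed scenario: an intranet page pulling from several sources.
const page = "https://apps.intranet.example/dashboard";
const sources = [
  "https://apps.intranet.example/api/feed",       // same origin
  "https://apps.intranet.example:443/api/feed",   // explicit default port: same origin
  "http://apps.intranet.example/api/feed",        // scheme (and default port) differ
  "https://jam.intranet.example/api/v1/feed",     // sibling intranet host: cross-origin
  "https://apps.intranet.example:8443/api/feed",  // same host, other port: cross-origin
  "https://api.social.example/1.1/timeline.json", // external provider: cross-origin
];

for (const r of classifySources(page, sources)) {
  const label = r.sameOrigin ? "same-origin " : "cross-origin";
  console.log(label, r.src, r.differs.join(","));
}
```

Note that the local application server on a sibling intranet hostname is just as cross-origin to the page as the external provider is.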
The headings provided herein are merely for convenience and do not necessarily affect the scope or meaning of the terms used.